Share kubernetes secrets between namespaces?


Kubernetes secrets are API objects which can only be referenced by POD, so if you are working in multiple namespaces then you can not share the same kubernetes secrets. Although it is possible to copy the same kubernetes into the desired namespace.

In this blog post we are going to talk about alternate ways to share the secret between the multiple kubernetes namespace.

  1. Copy Kubernetes secret from one namespace to another namespace using pipe ”|” operator
  2. Copy kubernetes secrets using sed command
  3. Export kubernetes secret to yaml and then apply secret to new workspace
  4. Conclusion

1. Copy Kubernetes secret from one namespace to another namespace using pipe ”|” operator

As being an API object kubernetes secrets can not be shared between the namespaces,so the other way would be to copy the Kubernetes secrets from one namespace to another namespace and we can achieve this by using the pipe “|” operator.

1.1 Let’s first create two namespaces - testns1, testns2

(*Note - If you are new to Kubernetes secret then I would recommend you to read more about handling kubernetes secrets)

1$ kubectl create namespace testns1
2
3namespace/testns1 created

1$ kubectl create namespace testns2
2
3namespace/testns2 created

1.2 Create secret test-secret1 in the namespace - testns1

After creating the two namespaces testns1, testns2 let’s create the secret with the name test-secret1 inside the namespace testns1.

1$ kubectl create secret generic test-secret-1 --from-literal=username=test-user --from-literal=password=testP@ssword -n testns1
2
3secret/test-secret-1 created

1.3 Copy the secret test-secret-1 from namespace testns1 to testns2

Now we have two namespace - testns1, testns2 and secret test-secret-1. Let’s try to copy the secret from testns1 to testns2.

1$ kubectl get secret test-secret-1 --namespace=testns1 -oyaml | grep -v ^\s*namespace:\s' |kubectl apply --namespace=testns2 -f -
2
3secret/test-secret-1 created

Verify the secret which we copied into the namespace - testns2

1$ kubectl get secret test-secret-1 -n testns2
2
3NAME            TYPE     DATA   AGE
4test-secret-1   Opaque   2      4m22s

Here we are now with the secret which we copied from the namespace testns1.

2. Copy kubernetes secrets using sed command

The second way is to use the sed command to copy the kubernetes secrets. Again we are going to use the same secret . i.e. test-secret-1 which we have created in step 1 under testns1.

1$ kubectl get secret test-secret-1 -n testns1 -o yaml | sed s/"namespace: testns1"/"namespace: testns2"/| kubectl 
2apply -n testns2 -f -
3
4secret/test-secret-1 created


3. Export kubernetes secret to yaml and then apply secret to new workspace

The one more way to copy the secret would be first export the secret to yaml and then apply the exported secret configuration into the desired namespace.

3.1 Here is the command to export the secret -

1$ kubectl get secret test-secret-1 -n testns1 -o yaml
 1apiVersion: v1
 2data:
 3  password: dGVzdFBAc3N3b3Jk
 4  username: dGVzdC11c2Vy
 5kind: Secret
 6metadata:
 7  creationTimestamp: "2021-11-11T21:21:02Z"
 8  name: test-secret-1
 9  namespace: testns2
10  resourceVersion: "307939"
11  uid: 6a8d9a6d-9648-4a39-a362-150e682c9a42
12type: Opaque

3.2 Update the namespace name in the test-secret-2.yaml configuration

Since the exported yaml is from the namespace - testns1 but we need to copy the secret to namespace - testns2. So we need to update the configuration and change the namespace to testns2

Updated configuration -

 1apiVersion: v1
 2data:
 3  password: dGVzdFBAc3N3b3Jk
 4  username: dGVzdC11c2Vy
 5kind: Secret
 6metadata:
 7  creationTimestamp: "2021-11-11T21:21:02Z"
 8  name: test-secret-1
 9  namespace: testns2
10  resourceVersion: "307939"
11  uid: 6a8d9a6d-9648-4a39-a362-150e682c9a42
12type: Opaque

3.3 Save and apply the above configuration as test-secret-2.yaml

Run the following kubectl apply command to create the secret -

1$ kubectl apply -f test-secret-2.yaml
2
3secret/test-secret-1 created


4. Conclusion

Sharing the same kubernetes secrets across all the namespaces is not recommended practice is often considered as unsecured practices for managing your kubernetes secrets. In some cases we do like to use the same secrets but as always try to keep your kubernetes secrets isolated from each other and do not try to create multiple copies for the same kubernetes secrets.


Other articles on Devops -

  1. Setup kubernetes on Ubuntu
  2. Setup Kubernetes on CentOs
  3. Setup HA Kubernetes Cluster with Kubespray
  4. Setup HA Kubernetes with Minikube
  5. Setup Kubernetes Dashboard for local kubernetes cluster
  6. Setup Kubernetes Dashboard On GCP(Google Cloud Platform)
  7. How to use Persistent Volume and Persistent Volume Claims in Kubernetes
  8. Deploy Spring Boot Microservice on local Kubernetes cluster
  9. Deploy Spring Boot Microservice on Cloud Platform(GCP)
  10. Setting up Ingress controller NGINX along with HAproxy inside Kubernetes cluster
  11. CI/CD Kubernetes | Setting up CI/CD Jenkins pipeline for kubernetes
  12. kubectl export YAML | Get YAML for deployed kubernetes resources(service, deployment, PV, PVC….)
  13. How to setup kubernetes jenkins pipeline on AWS?
  14. Implementing Kubernetes liveness, Readiness and Startup probes with Spring Boot Microservice Application?
  15. How to fix kubernetes pods getting recreated?
  16. How to delete all kubernetes PODS?
  17. How to use Kubernetes secrets?
  18. Share kubernetes secrets between namespaces?